
21 matches found

RedhatCVE
added 2026/01/09 10:0 a.m., 4 views

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of the extend function (A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...

CVSS 9.8, AI score 7.1, EPSS 0.01201
Exploits 1, References 1

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-1043

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.01201
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-1091

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.4, EPSS 0.0038
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-53520

Malicious code in bioql PyPI...

CVSS 9.1, AI score 6.4, EPSS 0.0021
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-43322

Malicious code in bioql PyPI...

CVSS 10, AI score 6.5, EPSS 0.00703
Exploits 0, References 1

Veracode
added 2025/02/10 2:43 a.m., 5 views

Prototype Pollution

utils-extend is vulnerable to Prototype Pollution. The vulnerability is due to the lib.extend function, which allows an attacker to modify the global prototype chain and potentially cause a denial of service (DoS)...

CVSS 9.1, AI score 9, EPSS 0.0021
Exploits 0, References 2, Affected Software 1

Github Security Blog
added 2025/02/06 6:31 a.m., 7 views

utils-extend Prototype Pollution

The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) at the minimum...

CVSS 9.1, AI score 6.6, EPSS 0.0021
Exploits 0, References 3, Affected Software 1

vulnersOsv
added 2025/02/06 6:31 a.m., 5 views

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +802 more potentially affected by CVE-2024-57077 via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

CVSS 9.1, AI score 5.8, EPSS 0.0021
Exploits 0

NVD
added 2025/02/05 10:15 p.m., 6 views

CVE-2024-57077

The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) at the minimum...

CVSS 9.1, EPSS 0.0021
Exploits 0, References 1

CNNVD
added 2022/09/15 12:0 a.m., 1 view

steal security vulnerability

steal (StealJS) is an open source, extensible, general-purpose module loader. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal 2.2.4, which stems from prototype pollution of the function extend in StealJS via the key variable in babel....

CVSS 9.8, AI score 8.2, EPSS 0.005
Exploits 0, References 4

vulnersOsv
added 2022/02/19 12:1 a.m., 2 views

@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)

object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...

CVSS 9.8, AI score 7.2, EPSS 0.0038
Exploits 1

vulnersOsv
added 2022/02/15 2:56 p.m., 2 views

@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)

object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...

CVSS 9.8, AI score 7.2, EPSS 0.0038
Exploits 1

Snyk
added 2021/12/15 2:48 p.m., 1 view

Prototype Pollution

Overview: extend2 is a fork of node-extend; the difference is overriding array as primitive when deep cloning. Affected versions of this package are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. POC: js var e = require "extend2" etrue, ,...

CVSS 9.8, AI score 9, EPSS 0.00502
Exploits 1, References 2

CNVD
added 2021/06/03 12:0 a.m., 6 views

Unspecified vulnerability in js-extend

js-extend is a module for Npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.0254
Exploits 1, References 1

CNNVD
added 2021/05/26 12:0 a.m., 1 view

js-extend security vulnerability

js-extend is a module for Npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...

CVSS 9.8, AI score 6.3, EPSS 0.0254
Exploits 1, References 3

vulnersOsv
added 2020/09/03 3:51 p.m., 1 view

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +802 more potentially affected by CVE-2020-8147 via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

CVSS 9.8, AI score 7.2, EPSS 0.01115
Exploits 1

vulnersOsv
added 2020/03/23 11:22 a.m., 3 views

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +802 more potentially affected by CVE-2020-8147 +1 more via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

CVSS 9.8, AI score 7.2, EPSS 0.01115
Exploits 1

vulnersOsv
added 2019/02/07 6:17 p.m., 1 view

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +712 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)

node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...

CVSS 9.8, AI score 7.2, EPSS 0.00384
Exploits 1

vulnersOsv
added 2019/02/07 6:17 p.m., 1 view

@amalto/custom-form-dialog (>=1.1.1 <=1.2.1), @amalto/dynamic-component (>=1.1.1 <=1.2.1) +50 more potentially affected by CVE-2018-16489 via just-extend (>=1.1.22 <=3.0.0)

just-extend NPM version =1.1.22, =1.1.1, =1.1.1, =1.0.18, =1.0.32, =1.1.0, =1.0.21, =1.0.17, =0.1.0, =1.0.5, =1.3.0, =1.0.0, =0.12.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =5.0.3-0 and more Source cves: CVE-2018-16489 Source advisory: OSV:GHSA-675M-85RW-J3W4...

CVSS 9.8, AI score 7.2, EPSS 0.00437
Exploits 1

vulnersOsv
added 2019/02/07 6:3 p.m., 1 view

08cms (=1.0.0), 1-of (>=1.0.0 <=1.0.1) +4831 more potentially affected by CVE-2018-16492 via extend (>=1.1.3 <=2.0.1)

extend NPM version =1.1.3, =1.0.0, =0.7.0, =0.1.0, =0.0.2, =0.0.1, =0.0.0, =0.1.4, =1.16.0, =0.0.1, =0.0.5 and more Source cves: CVE-2018-16492 Source advisory: OSV:GHSA-QRMC-FJ45-QFC2...

CVSS 9.8, AI score 7.2, EPSS 0.02519
Exploits 1